Securing

Thread: Securing

  1. #1
    Member
    Join Date
    Nov 2003
    Posts
    64

    Securing

    Hey all
    I am using a Microsoft domain environment and I want to secure and scan all the systems for spyware and other malware. What are the steps to follow? It's a small network. Do I log in locally or??

    Appreciated

  2. #2
    Member
    Join Date
    Aug 2005
    Posts
    98
    What software are you using? What AV and what antispyware, and what versions?

    Do you have Domain admin privileges? (I am assuming you do)

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I am afraid that you don't say what the circumstances are. Is this a one-off exercise because you think you have been compromised, or a regular event you want to set up?

    If it is a serious compromise situation then the classic wisdom would be to rebuild the lot. It all depends on the particular circumstances. I would at the very least be inclined to clean each machine individually in safe mode. That may well be adequate if it is just annoying adware and such.

    Hard to say without more details.

  4. #4
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    coderecycle,
    You did kind of leave out some important information (like Cabby80 posted). It would help a lot if you told us what software you have or plan on using. If you have some kind of administrative anti-spyware software, it would probably involve installing it on the server and all the connecting clients, then just doing all your scanning from a centralized server.
    If it's a stand-alone anti-spyware, your options vary:
    - You can install it on each client machine and scan
    - You can install the anti-spyware program on a flash drive (provided you have a big enough flash drive) and scan each client (this still involves going to each machine)
    - You can install the anti-spyware on each client and use a program like PsExec to open up remote command shells and run the program remotely. However, not all anti-spyware software supports command line execution so you'll have to do some research.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  5. #5
    Junior Member
    Join Date
    Jul 2006
    Posts
    11
    I would recommend getting the enterprise edition of Webroot Spy Sweeper. I've had companies that have been getting totally hosed by spyware, and once I implemented this I have had no problems at all. You can push it out from any system on the domain to all the clients on the domain, so you don't actually have to put it on a domain controller. Also, in the past I have made a PE boot disk that runs its own version of Windows off a CD, which I then put anti-spyware/virus software on and ran from the CD; this has also been very effective.

  6. #6
    Member
    Join Date
    Nov 2003
    Posts
    64
    Dear All,
    Sorry for not replying earlier; I had some issues to deal with. What I need is to have a centralized management host that will be able to manage, monitor, update, scan, etc. any of the hosts on the network.

    Suggestions on software for antispyware, antivirus, antiadware, patch management (Windows environment), deployment and securing that machine, or anything that you find related, would be appreciated.

    Thanks

  7. #7
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    For central management of AV I have used both Symantec and Panda with success (make sure you use the latest versions).

    We have not done any central management of AS yet. Most of our spy-ware is caught either through our email relays (using Brightmail and Tumbleweed), Websense for browsing, and Tipping Point for the rest.
    Last edited by mmelby; January 23rd, 2007 at 10:49 PM.
    Work... Some days it's just not worth chewing through the restraints...

  8. #8
    Junior Member
    Join Date
    Dec 2006
    Posts
    28
    It depends on how big of an environment we're talking about and how much you can afford.

    Before you read this take a look @ this article to see the effectiveness of IE7's reset function.


    I will tell you what I did notice and I hope it gleans some empirical evidence.

    Real-world scenario: The 5000+ workstation environment I work at

    The biggest thing that helped us was web and email filtering appliances. Sure, cleaning is great but that is a passive response.

    Before we locked down unmonitored communications we were spinning our wheels and constantly cleaning PCs at the HelpDesk. I MEAN I WAS. Then I moved to the Desktop team and suddenly the Help Desk didn't do that any more- because I was that guy. After I left the Help Desk everyone on the Desktop team bitched about spyware- as if they hadn't seen it before (hmmm...). After I moved, I literally saw it become an enterprise issue and others on the Desktop team noticed the coincidence as well.

    We had McAfee ePO for AV mgmt, yet I still spent a good 3 hrs/day cleaning up PCs... with cleaning software. Once we upped our email and Internet filtering it cut off the heads of what was getting us.
    I remember, after turning on the switch on mail filtering, we were catching 100,000+ quarantined emails a day.

    Later we bought spyware cleaning pieces but it had minimal results after content filtering.


    Now, the only stuff we see is when our firewall admin notices spikes to specific IPs that are eating up bandwidth.


    If it is a small environment I'd definitely research and test with local PC permissions. See what they need to operate the PC. And have a standard image that is patched.
    Last edited by not_it; January 24th, 2007 at 04:14 AM.

  9. #9
    Member
    Join Date
    Nov 2003
    Posts
    64
    Thank you for the input. The organization is investing in a UTM appliance, which reduces the threats. What I wanted to find out is what solutions, tools and software are out there that will help an administrator with managing the security of the network centrally. The network is small, about 100 hosts. All Windows (AD).

    Things that will save the administrators time to do other things.

    Regards

  10. #10
    Member
    Join Date
    Jan 2006
    Posts
    31
    Quote Originally Posted by mmelby
    For central management of AV I have used both Symantec and Panda with success (make sure you use the latest versions).

    We have not done any central management of AS yet. Most of our spy-ware is caught either through our email relays (using Brightmail and Tumbleweed), Websense for browsing, and Tipping Point for the rest.
    What is Brightmail Tracker?
